possible not hide external javascript files?

Soldato
Joined
1 Feb 2006
Posts
8,188
hi guys,

had a quick google for this but no joy on what i was looking for - is it possible to make .js files unreadable to a website visitor by setting htaccess permissions without making it stop working? i.e. if a user was to reference the .js file directly the content would not be returned by the browser. Not urgent and im not sure that it is doable but its worth a try.

Thanks
 
Soldato
OP
Joined
1 Feb 2006
Posts
8,188
Hi, Just had a look at that and the lines i added to the htaccess file blocked my javascript file completely.. I want it to be able to be called from within an HTML page but hidden if accessed directly by typing the url. Is this possible?
 
Soldato
Joined
11 May 2004
Posts
4,790
Location
Gloucester
Not possible, how do you think the browser requests it? Some browsers -may- give a referrer, but it's by no means certain. There's no way to stop the client from being able to see client side information, including scripts. The best you can do with javascript is pack it to prevent casual viewing, but unpacking it is a matter of seconds for someone who knows what they're doing.
 
Soldato
OP
Joined
1 Feb 2006
Posts
8,188
Thanks for the info - I knew you could hide php files in a secret directory and include them but i guessed that for client side scripts it would be different. Cheers for the link to 'packer'.
 

Una

Una

Associate
Joined
26 Nov 2004
Posts
2,471
Location
Reading / Lake District
Your best bet would be "javascript obfuscation" (google it)

This is the only way you can really hide the js code because its client side and the browsers javascript engine needs to be able to interpret it for it to work. Obfuscating it will stop people casually looking at it, but given enough time/effort it is deobfuscatable.
 
Back
Top Bottom